OS X Tiger first impressions

OS X 10.4 Tiger shipped on 29 April. I have been running it on a test machine for the past week; first impressions follow.

This is not the post a Mac enthusiast would write. The structural security observations matter more than the consumer-feature highlights.

What is structurally interesting

Three security-relevant changes from previous OS X versions.

Spotlight indexing. Tiger introduces system-wide content indexing for search. Files, email content and application data are all indexed automatically. The indexing produces useful functionality; it also produces a centralised store of sensitive content that an attacker who compromises the host gains immediate access to.

The trade-off is real but bounded. Most data the indexing covers is already accessible to a compromised host through file enumeration; the index makes searching that data faster rather than enabling entirely new attack categories. The defensive response is no different from existing OS X compromise response; the cleanup just has more files to consider.

Kerberos and directory-service improvements. Tiger has more mature Kerberos integration and cleaner directory-service support. For organisations integrating OS X clients into existing enterprise authentication infrastructure (Active Directory, Open Directory, MIT Kerberos), the integration is meaningfully better than in previous versions.

The implication: enterprise OS X deployment becomes more achievable. Organisations that previously declined OS X for client deployments because of authentication-integration complexity now have a more workable path.

Improved sandboxing primitives. Tiger introduces sandbox-style mechanisms for restricting application access to system resources. The mechanisms are not yet broadly used by applications, but the infrastructure is now available for future deployment.

The trajectory is positive. Future OS X versions will use these primitives more aggressively; future applications will be sandboxed by default; the overall attack surface should shrink as the architecture matures.

What is operationally similar

Most of what makes OS X relatively secure remains: the Unix-derived foundation, the BSD-style permission model, the clear separation between user and root contexts. The improvements in Tiger are additive rather than substitutional.

For administrators of OS X estates: the migration is bounded. Application compatibility is mostly preserved; the operational discipline is unchanged; Tiger-specific configurations are minor.

What I am paying attention to

Three things to watch over the next year.

Apple's security-advisory rhythm. OS X advisories continue; the cadence is acceptable but slower than I would prefer. High-severity advisories deserve a faster response than Apple has historically demonstrated.

Exploitation research targeting OS X. The OS X share is growing; the structural attractiveness of OS X as a target is rising; exploitation research will follow. The first major OS X-specific malware family will, on the available trajectory, arrive within the next 18-24 months.

Enterprise deployment patterns. As OS X gains share in particular sectors (creative industries, education, increasingly some technology firms), operational patterns will emerge. The accumulated experience across organisations should produce a structural understanding of OS X-specific defensive disciplines.

What I am doing

For my own infrastructure: my single OS X machine is now running Tiger. The operational discipline is unchanged; the cumulative system feels meaningfully better than 10.3 was.

For my structured-log analysis: nothing OS X-specific yet. The single host produces little signal; specific patterns will emerge if I add more OS X capacity to the honeypot range.

For client deployments where OS X is in scope: standard advice — keep current with patches, do not run as root, treat OS X with the same operational discipline as any other Unix-class system.

A reflection on the broader trajectory

OS X is, on balance, the most credible alternative to Windows for general-purpose desktop computing in some years. The security architecture is meaningfully better than that of Windows; the malware exposure is meaningfully smaller; the structural advantages compound.

The cumulative effect on the threat landscape is the same diversification argument I made for Firefox: operating-system diversity is now a security property. As OS X gains share, attackers must develop OS X-specific exploitation; the cumulative effort required for broad attack reach grows.

For anyone considering whether to move to OS X: the security advantages are real but not absolute. OS X compromises will continue; the operational discipline still matters. The migration is reasonable for users whose application portfolio is OS X-compatible.

For my own writing: more on OS X as the trajectory develops. The cumulative archive will track the platform's structural properties as they evolve.

More in time.

